SAXParserFactoryUtil (wildfly-common 1.7.0.Final API)

java.lang.Object

org.wildfly.common.xml.SAXParserFactoryUtil

public final class SAXParserFactoryUtil extends Object

Factory provides SAXParserFactory with secure defaults set. Properties not supported generate a warning, but the factory process creation will continue and return a result. Settings based on recommendations of Sonarcloud RSPEC-2755 and OWASP XML External Entity Prevention Cheatsheet.

XMLConstants.FEATURE_SECURE_PROCESSING is set to true.
FactoryConstants.APACHE_DISALLOW_DOCTYPE_DECL is set to true.
FactoryConstants.XML_EXTERNAL_GENERAL_ENTITIES is set to false.
FactoryConstants.XML_EXTERNAL_PARAMETER_ENTITIES is set to false.

Since:: 1.6.0.Final
Author:: Boris Unckel

Method Summary

Modifier and Type

Method

Description

static SAXParserFactory

create()

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- create
  
  @NotNull public static SAXParserFactory create()